🚨 CVE-2023-39049
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
🎖@cveNotify
An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
🎖@cveNotify
🚨 CVE-2023-39056
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
🎖@cveNotify
An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
🎖@cveNotify
🚨 CVE-2023-42399
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
🎖@cveNotify
Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.
🎖@cveNotify
GitHub
CVE-2023-42399 · Issue #1017 · xdan/jodit
CVE ID: CVE-2023-42399 PRODUCT: JoditEditor < v.4.0.0-beta.86 DETAILS: Jodit Editor v.4.0.0 beta.86 has an XSS vulnerability where the rich text editor does not completely filter out malicious X...
🚨 CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
🎖@cveNotify
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
🎖@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
🚨 CVE-2023-40932
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
🎖@cveNotify
A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.
🎖@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
🚨 CVE-2023-40933
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
🎖@cveNotify
A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
🎖@cveNotify
Outpost24
Nagios XI vulnerabilities resulting in privilege escalation (& more)
Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
🚨 CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
🎖@cveNotify
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
🎖@cveNotify
Magellan Sécurité
Magellan Sécurité, integrating protection solutions
Magellan Sécurité implements operational security solutions to help you face current and future threats. Find out more ...
🚨 CVE-2023-38887
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
🎖@cveNotify
File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions.
🎖@cveNotify
Magellan Sécurité
Magellan Sécurité, integrating protection solutions
Magellan Sécurité implements operational security solutions to help you face current and future threats. Find out more ...
🚨 CVE-2023-38888
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
🎖@cveNotify
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
🎖@cveNotify
Magellan Sécurité
Magellan Sécurité, integrating protection solutions
Magellan Sécurité implements operational security solutions to help you face current and future threats. Find out more ...
🚨 CVE-2023-43141
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
🎖@cveNotify
TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control.
🎖@cveNotify
🚨 CVE-2023-42426
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
🎖@cveNotify
GitHub
GitHub - b0marek/CVE-2023-42426: Repository for CVE-2023-42426 vulnerability.
Repository for CVE-2023-42426 vulnerability. . Contribute to b0marek/CVE-2023-42426 development by creating an account on GitHub.
🚨 CVE-2023-43278
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
🎖@cveNotify
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
🎖@cveNotify
🚨 CVE-2023-43232
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
🎖@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.
🎖@cveNotify
🚨 CVE-2023-43234
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
🎖@cveNotify
DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.
🎖@cveNotify
GitHub
yux1azhengye - Overview
A cybersecurity researcher.
Focusing on penetration testing and threat information operations. - yux1azhengye
Focusing on penetration testing and threat information operations. - yux1azhengye
🚨 CVE-2023-43856
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
🎖@cveNotify
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.
🎖@cveNotify
🚨 CVE-2023-41445
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.
🎖@cveNotify
Gist
CVE-2023-41445
CVE-2023-41445. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41448
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41448
CVE-2023-41448. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41449
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
🎖@cveNotify
Gist
CVE-2023-41449
CVE-2023-41449. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41451
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41451
CVE-2023-41451. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41452
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41452
CVE-2023-41452. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2023-41453
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.
🎖@cveNotify
Gist
CVE-2023-41453
CVE-2023-41453. GitHub Gist: instantly share code, notes, and snippets.